<?php
header('content-type:text/html;charset:utf-8');
//测试
//echo "wellcome";
$username=$_POST['userName'];
$password=$_POST['userPass'];
//验证合法性
if (empty($username) || empty($password)) {
	header('Refresh:3;url=back_login.html');
	echo '用户名和密码不能为空！';
	die();
}
//连接数据库
	include_once('../dbtools.inc.php');
	$link=create_connection();
	//数据库用户验证
	$username=addslashes($username);
	$password=md5($password);
	$sql="select * from admin where username='$username'";
	$res = excult_sql($link,'school',$sql);
	if ($res) {
		$row = mysqli_fetch_assoc($res);
		if ($password==$row['password']) {
			session_start();
			$_SESSION['admin']=$row;
			header('Refresh:3;url=index.php');
			echo '欢迎登陆旧衣物回收与交易后台管理系统!';
			die();
		}else{
			header('Refresh:1;url=back_login.html');
			echo '用户名或密码错误！';
			die();
		}
	}

?>